Homeland Security's National Cyber Awareness System has issued an alert concerning an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing. The phishing emails have carried a Subject line of "SBA Application - Review and Proceed." The sender is identified as "firstname.lastname@example.org." Clicking on a link in the email takes the phishing target to a spoofed SBA webpage (https://leanproconsulting.com.br/gov/covid19relief/sba.gov) that asks the target to "Sign in to Your Account." The page captures the sign-in attempt and steals the target's log-in credentials.
Please do not include sensitive information such as account numbers or other personal information such as Social Security or Tax Identification numbers, driver’s license numbers, etc. in any email sent to us via this link.